diff --git a/README.md b/README.md index 628f732..ab0c69a 100644 --- a/README.md +++ b/README.md @@ -143,7 +143,7 @@ and simultaneous multithreading (SMT) is disabled. See the Note, to achieve complete protection for known CPU vulnerabilities, the latest security microcode (BIOS/UEFI) updates must be installed on the system. Furthermore, if using Secure Boot, the Secure Boot Forbidden Signature Database (DBX) must be kept -up to date through [UEFI Revocation List](https://uefi.org/revocationlistfile) updates. +up to date through [UEFI Revocation List](https://github.com/microsoft/secureboot_objects) updates. CPU mitigations: diff --git a/etc/default/grub.d/40_cpu_mitigations.cfg b/etc/default/grub.d/40_cpu_mitigations.cfg index 9b29760..efc9e5e 100644 --- a/etc/default/grub.d/40_cpu_mitigations.cfg +++ b/etc/default/grub.d/40_cpu_mitigations.cfg @@ -30,6 +30,7 @@ ## The UEFI Revocation List contains signatures of now revoked firmware and software used in booting systems. ## If using compatible hardware, the database can be updated directly in user space using fwupd. ## Note that incorrectly performing DBX updates can potentially lead to serious functionality issues. +## https://github.com/microsoft/secureboot_objects ## https://uefi.org/revocationlistfile ## https://github.com/fwupd/fwupd